The invention relates generally to information security systems and methods and more particularly to information security systems and methods having enforceable security policy provisions.
Information security systems such as those employing public key cryptography techniques to encrypt and decrypt data, typically use a certification authority, such as a trusted network server, to generate certificates that are used by network nodes to verify, among other things, that other communications sent by users are valid. Information security systems are known which allow network nodes to have several software applications that use the same security enforcement rules by having a cryptographic engine which is accessible by each of the applications. For example, an E-mail application may access the cryptographic engine to encrypt E-mail messages. Likewise a financial document generation application may also allow access to the cryptographic engine to encrypt financial documents that may be transferred over communication links.
Conventional systems typically hard code security policy rules in the subscribers, such as network nodes so that a node requires upgraded software each time a security officer changes a policy rule. Some global policies include for example a lifetime of a password, whether or not passwords can be reused, password length, the type of cryptographic keys allowable for a particular node and other policies. Hard-coded policy rules become cumbersome and can be costly to change in large systems. Moreover, such systems do not typically allow differing policies to be set for differing nodes or for differing environments or for differing applications or for differing users, such as corporate email systems run on several servers and nodes in various organizations.
Some systems allow non-hard coded policy provisions to be used, but such systems do not typically allow the policy provisions to be definable through a centralized authority. It is desirable to have central control to institute policies to facilitate a more controlled environment particularly where a compromised communication can cause great damage to members of the network.
It is also desirable to provide policy flexibility in instances where policy rules need to be changed on a per application and/or per node basis. For example, where a node is used by a temporary employee or where the node is used by a user requiring a very high level security or high-security application, differing lengths of passwords or password life times may be necessary for each of the independent network nodes or applications.
Some systems employ attribute certificates to allow specification of information (attributes) other than public keys (but related to a certificate issuing authority, entity or public key), so that it is conveyed in a trusted manner to a relying party. Attribute certificates are conventionally associated with a specific signature public key by binding the attribute information to the key by the method by which the key is identified. For example the binding may be by using the serial number of a corresponding public key certificate, or to a hash-value of the public key or certificate.
Typically, attributes may be signed by an attributed certificate authority, created in conjunction with an attribute registration authority, and distributed in conjunction with an attribute directory service. More generally, any party with a signature key and appropriate recognizable authority may create an attribute certificate. Typically, such attribute certificates are associated with a signature public key and forwarded by a party with a signed message to a relying party that verifies the signature on the received message and uses the attribute certificate to verify proper authority associated with the signature key. One known application is to certify authorization or privilege information related to a public key. More specifically, this may be used, for example, to limit liability resulting from a digital signature, or to constrain the use of a public key (e.g., to transactions of limited values, certain types, or during certain hours). However, such methods can unnecessarily increase system overhead and complexity since the attribute certificates are generally associated with a public key and must be verified by a relying party before a privilege is honored.
Also, conventionally, where a user of a cryptographic engine is a software application, each application typically defines and controls its own security policy. For example, a certificate policy object identifier (OID) may be included as a static component of executable code of each application. Since typically different corporations or environments want different policies, this creates the problem that application software must be modified for each corporation and application developers need to be security policy experts.
Alternatively, conventional systems may have the same application software used by each corporation but the underlying security engine or cryptographic engine provides security services that are configured to a fixed security policy. Thus the application runs under a security policy set by the security engine. A problem arises since policy specific alterations of the underlying security engines are made and two different applications running in the same environment cannot operate on different policies. But no single security policy fits all software applications or users of the security engine, different applications or users typically require different policies. For example, an e-mail application may require a less stringent information encryption key length or algorithm than a banking application used for electronic commerce. A problem arises in determining how to associate and enforce different policies for different applications.
Consequently there exists a need for a computer network security system and method having enforceable security policy provisions that allows flexibility from a centralized authority to ensure more consistent control and implementation of the policies while offering flexibility to change policies when needed on a per application basis. Such a system should also allow enforcement of the policies to occur at the network nodes to help reduce overhead requirements of a central authority.